General
-
Target
Dhl shipment 452869074700.exe
-
Size
868KB
-
Sample
221207-h6nrjsaa31
-
MD5
e7a39f97d03ec982df461b972e26e932
-
SHA1
d547036046730d5c0eaa681edd6473c94d43518c
-
SHA256
58679b062a4049ab0b5a1ebc39c87bac639ea2d8902243c0739250abaa82c13d
-
SHA512
877d74ad7247e2188423e3ef28c704c7c043728ecb4141544e3fb2dc1ee6dd56b95b61fa0b66df37d7d090edd10b7a127724c317d7072b1a8e89105919c8966e
-
SSDEEP
12288:roQgKZ/nXt7virmWhlGLaQYImNz+GBlr/NpoplnJjCGry/nFWJGn/nDbee3Opjma:MtpawTnEs/nDV+p
Static task
static1
Behavioral task
behavioral1
Sample
Dhl shipment 452869074700.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
Dhl shipment 452869074700.exe
Resource
win10v2004-20220812-en
Malware Config
Targets
-
-
Target
Dhl shipment 452869074700.exe
Score
10/10
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++, with multiple plugins, sold as malware-as-a-service (MaaS).
-
Warzone RAT payload
-
Suspicious use of SetThreadContext
-